[ome-users] LDAP Config for PosixGroups
Andreas Mueller
Andreas.Mueller at Biologie.Uni-Osnabrueck.DE
Wed Jan 30 17:08:38 GMT 2019
Hi Josh,
yes .. I tried a lot
_______
# that's me:
[root at omero3 ~]# ldapsearch -x uid=andrmuel -LLL
dn: uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de
objectClass: top
objectClass: uniosAccount
gidNumber: 301
uid: andrmuel
:
# this group controls the access to our omero:
[omero at omero3 OMERO.server]$ ldapsearch -x -LLL -D "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de" -w ******** cn=cellnanosomero
dn: cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de
objectClass: posixGroup
cn: cellnanosomero
gidNumber: 688
memberUid: sukunis # example person ..
memberUid: kbernhar # example person ..
memberUid: andrmuel # example person ..
:
:
# Every person has the same structure:
uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de
uid=kbernhar,ou=people,dc=uni-osnabrueck,dc=de
uid=sukunis,ou=people,dc=uni-osnabrueck,dc=de
:
:
# My config:
omero.ldap.base=dc=uni-osnabrueck,dc=de
omero.ldap.config=true
omero.ldap.group_filter=(gidNumber=688)
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group_owner=
omero.ldap.new_user_group=:query:(memberUid=@{uid})
omero.ldap.password=
omero.ldap.referral=ignore
omero.ldap.sync_on_login=false
omero.ldap.urls=ldaps://ldap.uni-osnabrueck.de
omero.ldap.user_filter=(objectClass=uniosAccount)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.username=
a) I don't understand how OMERO creates the bind DN for the password query
against the LDAP server (how can I check that?)
b) The attributes givenName, sn, mail ...
can only be read after a successful authentication of the respective user
against the LDAP.
If I do a:
[omero at omero3 OMERO.server]$ bin/omero ldap active
Yes
[omero at omero3 OMERO.server]$ bin/omero ldap create andrmuel
I get a:
not-null property references a null or transient value:
ome.model.meta.Experimenter.firstName; nested exception is
org.hibernate.PropertyValueException: not-null property references a
null or transient value: ome.model.meta.Experimenter.firstName
I find the same error in the logs if I try to log on over the web.
I hope someone can help me!
- thanks in advance -
Andreas
On 28.01.19 16:54, Josh Moore wrote:
> On Mon, Jan 28, 2019 at 4:48 PM Andreas Mueller
> <Andreas.Mueller at biologie.uni-osnabrueck.de> wrote:
> >
> > Hi,
>
> Hi Andreas,
>
>
> > are there some hints to configure omero ldap with posixgroups ?
>
> Have you tried anything so far? I'd think this should "just work"
>
> omero.ldap.group_filter=(objectClass=posixGroup)
> omero.ldap.group_mapping=name=cn
> omero.ldap.new_user_group=:query:(memberUid=@{uid})
>
> e.g. https://www.openmicroscopy.org/community/viewtopic.php?f=5&t=2908#p7152
>
> (As always, remember to test LDAP configurations on a test database
> since the unintentional creation of large numbers users and groups is
> possible with many LDAP setups)
>
> ~Josh
>
>
> > - thanks in advance -
> > Andreas
> _______________________________________________
> ome-users mailing list
> ome-users at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
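Added example (editor's code, not OMERO's and not from anyone in this thread): an offline pre-flight check that replays, against the directory entries shown in the post, the login sequence OMERO's LDAP plugin is assumed to follow (find the DN with user_filter plus the omeName attribute, bind as that DN, resolve groups with group_filter and the new_user_group :query:, then read the user_mapping attributes). The givenName/sn/mail values are placeholders, the "only the owner can read givenName/sn/mail" rule models point b) above, and the step ordering and the @{uid} substitution are assumptions, not confirmed OMERO behaviour.

```python
"""Offline pre-flight check for an OMERO LDAP posixGroup mapping.

Constructed example: no LDAP server is contacted and this is not OMERO's code.
Assumed login sequence (not verified against OMERO's sources):
  1. search user_filter AND (<omeName attr>=<login>) to find the user's DN,
  2. bind as that DN with the supplied password (server-side, not modelled),
  3. search group_filter AND the :query: filter from new_user_group,
  4. read the attributes named in user_mapping to fill the Experimenter.
Steps 1, 3 and 4 run with the service identity (omero.ldap.username, which is
empty in the post, i.e. anonymous), so attributes the directory hides from
that reader come back empty and the mapped fields end up null.
"""

# Attributes readable only by the entry's owner (models point b) of the post).
PROTECTED = {"givenname", "sn", "mail"}


def person(uid, gid):
    # Placeholder names/mail: the post never shows these values.
    return {"objectClass": ["top", "uniosAccount"], "gidNumber": [gid], "uid": [uid],
            "givenName": [f"Given-{uid}"], "sn": [f"Surname-{uid}"],
            "mail": [f"{uid}@example.invalid"]}


DIRECTORY = {  # constructed from the ldapsearch output in the post
    "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de": person("andrmuel", "301"),
    "uid=kbernhar,ou=people,dc=uni-osnabrueck,dc=de": person("kbernhar", "301"),
    "uid=sukunis,ou=people,dc=uni-osnabrueck,dc=de": person("sukunis", "301"),
    "cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de": {
        "objectClass": ["posixGroup"], "cn": ["cellnanosomero"], "gidNumber": ["688"],
        "memberUid": ["sukunis", "kbernhar", "andrmuel"]},
}

CONFIG = {  # the omero.ldap.* values from the post
    "omero.ldap.user_filter": "(objectClass=uniosAccount)",
    "omero.ldap.user_mapping": "omeName=uid,firstName=givenName,lastName=sn,email=mail",
    "omero.ldap.group_filter": "(gidNumber=688)",
    "omero.ldap.group_mapping": "name=cn",
    "omero.ldap.new_user_group": ":query:(memberUid=@{uid})",
    "omero.ldap.username": "",  # empty => anonymous searches
}


def get_attr(entry, name):
    """LDAP attribute names are case-insensitive; return the value list or []."""
    return next((v for k, v in entry.items() if k.lower() == name.lower()), [])


def visible(dn, entry, bound_as):
    """Attributes a reader bound as `bound_as` (None = anonymous) can see."""
    if bound_as == dn:
        return entry
    return {k: v for k, v in entry.items() if k.lower() not in PROTECTED}


def parse_filter(text):
    """Parse the RFC 4515 subset (attr=value), (&...), (|...), (!...)."""
    pos = 0

    def node():
        nonlocal pos
        assert text[pos] == "(", f"expected '(' at offset {pos}"
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            kids = []
            while text[pos] != ")":
                kids.append(node())
            pos += 1
            return (op, kids)
        end = text.index(")", pos)
        attr, _, value = text[pos:end].partition("=")
        pos = end + 1
        return ("=", attr, value)

    tree = node()
    assert pos == len(text), "trailing characters after filter"
    return tree


def match(entry, tree):
    """Evaluate a parsed filter against one entry; '*' means 'attribute present'."""
    if tree[0] == "=":
        _, attr, value = tree
        vals = [v.lower() for v in get_attr(entry, attr)]
        return bool(vals) if value == "*" else value.lower() in vals
    op, kids = tree
    if op == "&":
        return all(match(entry, k) for k in kids)
    if op == "|":
        return any(match(entry, k) for k in kids)
    return not match(entry, kids[0])


def search(filter_text, bound_as=None):
    """Return {dn: entry} for entries matching the filter as seen by `bound_as`."""
    tree = parse_filter(filter_text)
    return {dn: e for dn, e in DIRECTORY.items() if match(visible(dn, e, bound_as), tree)}


def login(login_name, bound_as=None):
    """Replay the assumed OMERO sequence; returns a report with the stage reached."""
    cfg = CONFIG
    mapping = dict(p.split("=") for p in cfg["omero.ldap.user_mapping"].split(","))
    # 1. locate the DN: user_filter AND omeName attribute == login name
    hits = search(f"(&{cfg['omero.ldap.user_filter']}({mapping['omeName']}={login_name}))", bound_as)
    if len(hits) != 1:
        return {"ok": False, "stage": "find_dn", "hits": sorted(hits)}
    (dn,) = hits
    # 3. groups: group_filter AND the :query: filter with @{uid} replaced by the
    #    user's uid value (assumed substitution rule)
    query = cfg["omero.ldap.new_user_group"]
    assert query.startswith(":query:"), "example only models the :query: form"
    query = query[len(":query:"):].replace("@{uid}", get_attr(DIRECTORY[dn], "uid")[0])
    groups = search(f"(&{cfg['omero.ldap.group_filter']}{query})", bound_as)
    name_attr = cfg["omero.ldap.group_mapping"].split("=")[1]
    group_names = sorted(get_attr(e, name_attr)[0] for e in groups.values())
    # 4. fill Experimenter fields from the entry as the service identity sees it;
    #    firstName/lastName are the not-null columns named in the post's error.
    seen = visible(dn, DIRECTORY[dn], bound_as)
    fields = {field: (get_attr(seen, a) or [None])[0] for field, a in mapping.items()}
    null_fields = sorted(f for f in ("firstName", "lastName") if fields[f] is None)
    return {"ok": not null_fields, "stage": "map_attributes" if null_fields else "done",
            "dn": dn, "groups": group_names, "fields": fields, "null_fields": null_fields}


if __name__ == "__main__":
    for reader in (None, "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de"):
        r = login("andrmuel", bound_as=reader)
        print(f"reader={reader or 'anonymous'}: stage={r['stage']} null={r['null_fields']}")
```

Run as-is, the anonymous pass finds the DN and the cellnanosomero group but reports firstName and lastName as null, which is the same failure the `bin/omero ldap create` output above shows; the second pass, reading as an identity the directory lets see givenName and sn, completes. The practical consequence is that whatever identity OMERO uses for its searches (omero.ldap.username/password, or anonymous when both are empty) must be allowed by the directory's ACLs to read every attribute named in omero.ldap.user_mapping.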